Legal Insights and Analysis to Enhance Policyholder Recoveries

Following the June 4, 2018 landmark decision by the California Supreme Court in Liberty Surplus Insurance Corporation v. Ledesma & Meyer Construction Company, 5 Cal. 5th 216 (2018), the insurance industry is not taking the decision to heart—but rather continuing to wage war on their insureds to avoid paying claims for unintended injuries, when caused by “intentional” conduct. In Ledesma, the majority opinion determined that an employee’s molestation of a third party, Doe, “may be deemed an unexpected consequence of L&M’s independently tortious acts of negligence (in hiring, maintaining and supervising the employee.) “ The Court also noted, as stated in Minkler (49 Cal. 4th at p 327, fn4), “the public policy against insurance for one’s own intentional sexual misconduct does not bar liability coverage for others whose mere negligence contributed in some way to the acts of abuse…” A concurring opinion by Justice Liu would have gone farther to find that an “accident” can include intentional conduct resulting in unintended harm (the policy was an “occurrence” based liability policy, where “occurrence” was defined as an “accident, including continuous or repeated exposure to substantially the same general harmful conditions.”)

The concurring opinion noted that “…in a liability insurance policy, an “accident” does not necessarily refer to the conduct of the insured, rather it is an “unexpected, unforeseen, or undersigned happening or consequence … resulting from the conduct of the insured.” Justice Liu noted that: “This understanding of “accident “is consistent with the court’s answer to the question presented.” Justice Liu disagreed with the majority opinion which applied (Delgado, 47 Cal 4th 302, 315) by finding “in determining whether the injury is a result of an accident, taking into consideration acts or events before the insured’s acts would be illogical and contrary to California case law.” Rather, Justice Liu noted there are “myriad situations where we would examine prior events to determine whether an insured’s acts resulted in an accidental injury. For example, suppose an insured driver steps on the accelerator because a passenger spilled coffee on the driver and as a result the car hits another car and causes injury … In determining whether the injury was accidental, we would of course look to the act of the coffee-spilling passenger, even though the passenger was not the insured.” But that was not the onlypoint Justice Liu made in differing with the majority opinion.

Justice Liu would also have overruled the faulty analysis in Merced Mutual Ins. Co. v. Mendez (1989) 213 Cal. App. 3d 41, which held no accident occurred when an insured sexually assaulted a victim, whom the insured claimed to have honestly believed had consented to the sexual activity. The Mendez decision stated there was no accident and thus no coverage because there was no “additional, unexpected, independent or unforeseen act” that occurred. In order to harmonize the Ledesma decision, according to Justice Liu, it is necessary to note the error in the Mendez opinion because it overlooked the fact that the insured claimed he did not realize that the victim was not consenting. Thus, there was an “accident,” and therefore, no requirement of any “additional, unexpected, independent or unforeseen act” if the insured honestly intended no harm.

How then to consider the case now pending in the Ninth Circuit, Cybernet Entertainment LLC v. State Compensation Insurance Fund (Case No. 18-15082)? In Cybernet, the insured appealed a no coverage determination by the trial court where the liability insurer refused to defend its insured against claims of bodily injury made by Cybernet employees. Cybernet is in the business of producing erotic video purveyed on the Internet. It supposedly had established standards of sanitation which allowed its performers to avoid HIV and other sexually transmitted diseases, which might be contracted during the filmed performances. The underlying plaintiffs alleged that they were assured that working for Cybernet would be safe and condoms and other barriers would be required; but, in fact, they were not. The plaintiffs claimed physical injuries and infections followed as a result of that failure. On the basis of those allegations, the plaintiffs alleged counts of Negligence, Negligence per se; Breach of the Implied Covenant of Good Faith and Fair Dealing and Negligent supervision, hiring and retention. The latter three claims are identical to those theories pursued against Ledesma and for which the California Supreme Court found coverage.

Cybernet denied all the allegations, and sought liability coverage from State Fund under the Employers Liability section of the policy.

The issue is whether the Employers Liability side of a workers comp policy, under which Cybernet sought a defense, would be required to defend against these claims, notwithstanding two coverage defenses raised by the insurer: exclusivity of workers compensation (barring any coverage under the Employers Liability side of the policy) and the intentional conduct exclusion.

The underlying plaintiffs had pursued workers compensation which State Fund also disputed. Those claims were pending before the WCAB.

The insured, Cybernet, did attempt to have the trial Court dismiss the plaintiffs’ civil lawsuits under the exclusive remedy doctrine, but the court refused, relying on assertions that the plaintiffs were independent contractors, not employees, and on other exceptions to the exclusive workers comp remedy—such as “unprovoked physical act of aggression of another employee.” Initially, State Fund defended, but later withdrew, the defense, relying on Exclusion 4 (workers comp benefits) and Exclusion 5 (intentional injury.)

Cybernet argues the plaintiffs’ lawsuit alleges claims of intentional employer conduct, which bring the employer beyond the boundaries of the compensation bargain (thus they are not subject to the exclusive remedy exclusion). However, this does not mean the claims are that the employer intended to harm the employees. Indeed, Cybernet faced potential liability in the civil action without (or outside of) the plaintiffs having to prove their employer intended to harm them. The claims included that the employer failed to provide a safe working environment and included, in particular, allegations of negligent hiring and supervision of others who allegedly harmed the plaintiffs. Relying on the exclusions to bar coverage required State Farm to prove that the exclusion “applies in all possible worlds”—conclusive, undisputed evidence that supports no potential for coverage [Atlantic Mutual Ins. Co. v. Lamb 100 Cal App 4th 1017 (2002) Montrose Chem. Corp. v. Sup Crt. 6 Cal 4th 287, 300 (1993)]. If there is any potential for coverage under the Employers Liability side of the policy, there is an obligation to defend. The Policy specifically covered “bodily injury by accident” and defined “accident” as “an event that is neither expected nor intended from the standpoint of the insured.” To avoid coverage, State Fund must prove that either the entire case belongs in workers compensation (Exclusion 4) or that all damages or bodily injury were “intentionally caused or aggravated” by the insured (Exclusion 5). Cybernet argued that neither exclusion fully applied to bar a defense. The first only applied to negligence acts based claims, whereas the second could not bar the intentional acts claims because Cybernet did not intend any injury. It is important to note that Cybernet sought a dismissal of the pending lawsuits on the basis that they all belonged in workers comp—but the judge overruled the demurrers, refusing to decide whether the plaintiffs were independent contractors (not subject to worker compensation) and whether, in any case, the exception for “unprovoked physical act of aggression of another employee” may apply to keep the civil action from being dismissed, in favor of workers compensation. Under the reasoning in the Ledesma opinion, it appears there should be a defense, as there is a potential for coverage under the Employers Liability portion of the policy.

State Fund argued the exclusive remedy exclusion applied, arguing the conduct of the employer fit within the facts of other opinions that had applied the same remedy. The Fund noted the District Court had distinguished between the negligence based claims for which it applied Exclusion 4 of the exclusive remedy, and those alleging intentional conduct as not fitting within this exclusion. The Fund argued the exclusive remedy exclusion also barred claims relating to intentional conduct and that in any case, intentional conduct was merely alleged, and thus the claims were excluded under Exclusion 5. While its arguments on the scope of the workers compensation exclusion are strong, and thus should result in dismissal of the tort claims, that does not avoid the insurer’s duty to defend these claims. Further, the application of the intentional acts exclusion would likely fail following the Ledesma decision. The Fund argues its employers liability coverage is not a “general liability” policy as it only covers bodily injury—an argument which doesn’t make sense as a coverage defense, as the plaintiffs’ claims are only for bodily injury. The Fund argues the court must look at the “cause” of the alleged injuries—and argues the cause must be intentional, not negligent conduct (to avoid the exclusivity exclusion.) The Ninth Circuit just issued the Ledesma decision on June 4, 2018—a bit over a month ago, and will likely now have to consider its implications in this case.

An easy out may be to apply Exclusion 4 (workers compensation exclusive remedy) to all the claims and avoid the issue altogether. However, as noted above, the court in the civil action refused to apply that remedy to the substantive claims. We shall see what they do with this one!

Recently we wrote about a case which has been argued before the Supreme Court of California and is now awaiting decision (see The Duty to Defend in California). In that case, Liberty Surplus Insurance Co. v. Ledesma & Meyer Construction Co., Inc., the issue is whether an employer, sued for negligent hiring of a workman who had allegedly molested the plaintiff, is entitled to a defense from his general liability insurer. That decision has not been handed down yet.

Another interesting defense coverage case is waiting in the wings. The California Supreme Court recently granted review in Travelers Property & Casualty Co. v. Actavis, Inc., a very unusual case where two counties sued the manufacturers of opiate medicines for allegedly engaging in a “sophisticated and highly deceptive marketing campaign” to increase their sales of opioid products by promoting them to prescribing physicians for uses for which the products were not suited. Thereby, the counties claimed, the manufacturers opened the door to an opioid epidemic of non-prescription uses which cost them great expense. The manufacturers sued their liability insurers for a defense, but the court of appeal ruled that the plaintiffs had alleged that the conduct was alleged to have been intentional, so that no coverage was required.

There appears to be no dispute between the parties that even if the manufacturers were aware that the opioid medications were subject to abuse, they had still been approved by government authority and served certain patients’ medical needs. For this reason, the defense coverage issue here should come down to whether the marketer’s knowledge of possible abuse of its product by downstream users makes its efforts to sell the product for use by people with legitimate medical needs an intentional case of tortious conduct, and thus uninsured. Here as well, the court’s decision should determine whether California will maintain its rule that to obtain a defense,”the insured need only show that the underlying claim may fall within policy coverage; the insurer must prove it cannot.” (Montrose Chemical Corp. v. Superior Court (1933) 6 Cal. 4th 290, 300.)

The policyholders’ side in these cases should find support in a new decision of the California court of appeal. In Those Certain Underwriters at Lloyd’s London et al. v. Connex Railroad LLC, that court found that the insurer owed a defense to a railroad company whose train operator took his eyes off the rails to engage in private texting – surely more than careless conduct, where 25 people were killed in the ensuing derailment.

All primary liability insurance policies require the insurer to defend against claims where potential liability under the policy exists. California has long been a leader in requiring a broad interpretation of potential liability, appropriately so because liability insurance has been a mainstay of our industrialized society, where accidents are common and the costs of defense and liability can be vast. Accidents are universal, and volitional conduct is of course insured, so long as harm is unintended, but “willful” conduct is not insured.

The California Supreme Court has famously stated that “[t]o prevail [on the duty to defend], the insured must prove the existence of a potential for coverage, while the insurer must establish the absence of any such potential. In other words, the insured need only show that the underlying claim may fall within policy coverage; the insurer must prove it cannot.” (Montrose Chemical Corp. v. Superior Court (1993) 6 Cal. 4th 290, 300).

Even where the likelihood of an unintentional accident is small as compared to the insured’s intentional conduct or where only one of several claims falls within the policy’s indemnity coverage, the insurer must defend as long as there is any potential of liability on the covered claim. That, and the duty of the insurer to settle within policy limits if there is a risk of an excess verdict, have greatly contributed to financial stability in our society, which could otherwise encounter much random economic uncertainty.

But their duty to defend and thus to settle is often challenged by insurers if an element of intention appears regarding some of the conduct that led to the insurance claim. The balance between insurer and insured is not as stable as it could be.

For instance, an automobile driver may make a left turn and misjudge the speed of oncoming traffic, and a collision may result. That is an intentional act, but no auto insurer would deny it was an accident. What if the driver ran off the road to avoid a collision? The insurer may argue that intentional conduct was the key event and relieves the insurer from its duty to defend the claim. From that model, the reader can see that the rule that the insurer must defend any claim which potentially falls within the liability obligation, and try to settle it if the claim exceeds the policy’s liability limit, is a great force for social stability.

That duty to defend is currently under attack in two cases before the Supreme Court of California, one of which has been argued and may be decided at any time. In that case, Liberty Surplus Insurance Co. v. Ledesma & Meyer Construction Co., Inc., a plaintiff claimed to have been a victim of a sexual assault and sued (among others) the alleged assailant’s employer for negligent hiring of that person, claiming that if the aggressor had been properly screened he would not have been hired and would not have had the opportunity to attack her at the job site.

The sexual attack is clearly an intentional act. No one sought insurance coverage for that action. The employer tendered the negligent hiring claim to its insurer, which rejected coverage arguing that the hiring was too remote from the assault to constitute an “occurrence,” which would have triggered the duty to defend. The lower court agreed and ruled for the insurer. But the Supreme Court has held that actions collateral to sexual misconduct may require an insurer to provide a defense (Horace Mann Ins. Co. v. Barbara B. (1993) 4 Cal. 4th 1076, 1078), and that if an insurer has to defend one of several claims in a single complaint, it must defend the entire suit (Hogan v. Midland National Ins. Co. (1970) 3 Cal. 3d 553). But it has also held that allegations of intentional conduct by the insured remove any duty for its insurer to defend the claim.

In Delgado v. Interinsurance Exchange of Automobile Club of Southern California (2009) 47 Cal. 4th 302, the court denied a duty to defend “when all of the acts, the manner in which they were done, and the objective accomplished occurred as intended by the actor,” and because there “the conduct which gave rise to the suit was done with the intent to cause injury” – a decision the court reached because “there is no allegation in the complaint that the acts themselves were merely shielding or the result of a reflex action. Therefore, the injuries were not as a matter of law accidental, and consequently there is no potential for coverage under the policy.”

Delgado has become a beacon for insurers seeking to avoid a duty to defend although as Witkin states, “any extrinsic facts known from any source can trigger a duty to defend, even where the complaint does not facially indicate a potential for coverage. [Citation.] This includes all facts, both disputed and undisputed, that the insurer knows or becomes aware of from any source…” (2 Witkin, Summary of California Law, 11th ed., Insurance, ¶ 390). Thus, in California, unlike in some other states, an insurer’s duty to defend is not determined only from the “four corners” of the complaint but also involves exploration of other events about the incident.

Thus, California has two divergent rules about insurers’ duty to provide a defense even where a valid indemnity claim may be hard to discern because the complaint may have concentrated on (or may be limited to) charging intentional actions; or the coverage-seeking event may be just one in a chain of events leading up to the final injury-causing action. The Montrose line of cases requires a defense even where indemnity coverage may be very remote or improbable, while the Delgado line looks skeptically at what a complaint may actually allege. The Ledesma & Myer decision should end this duality. Let’s hope that it will restore California’s leadership in requiring a defense even where the covered conduct is a peripheral or remote part of the claim against the insured.

A cornerstone of California law is that the duty to defend arises whenever the lawsuit against the insured seeks damages on any theory that, if proved, would be covered by the policy. Indeed the duty to defend is so broad that it is excused only when “the third party complaint can by no conceivable theory raise a single issue which would bring it with the policy coverage.” (Montrose Chem. Corp. v. Superior Court (1993) 6 Cal 4th 287, 295 –applying law first set forth in Gray v. Zurich Ins. Co. (1966) 65 Cal 2d 263.) It took almost fifty-one years of litigation for the courts to clarify the duty to defend, but with each new case, the Insurers will continue to contest both their duty to defend and if they must defend, whether independent counsel is required.

Back some forty-six years ago in Executive Aviation Inc. v. National Ins. Underwriters (1971) 16 Cal App 3d 799, 810, the appellate court recognized that “the insurer’s desire to exclusively control the defense must yield to its obligation to defend its policyholder” and pay for independent counsel under the facts of that case. Where the insurer defends under reservations and appoints its panel defense counsel, such counsel may find himself or herself in conflict! If counsel can favor his or her insurer client when developing evidence or undertaking defense strategy in a way to negate coverage, the courts have fashioned a remedy: the right to independent counsel paid for by the insurer.

The outcome of the coverage dispute can be affected by the manner in which the case is defended.

Several insureds are defendants and they have conflicting claims against each other.

The same attorney is representing the insurer in a DRA seeking to avoid coverage who the insurer appoints as defense counsel for the insured (!!—this was the circumstance in Executive Aviation).

The insurer seeks to settle the claim for more than policy limits exposing their insureds to the excess liability (!! a real case where that happened is Golden Eagle Ins. Co. v. Foremost Ins. Co. (1993) 20 Cal App 4th 1372, 1396)

The “paradigm cases” for disqualifying conflict include the one just cited Golden Eagle Ins. Co. v. Foremost and others, i.e., Long v. Century Indem. Co. (2008) 163 Cal App 4th 1460, 1471, because the coverage issue in those cases rested on whether the insureds acted negligently or intentionally. Under those circumstances, the appointed defense counsel could control the production of evidence to disfavor coverage.

There are two strong reasons the Insurers attack these decades of common law and statutory law, however: Cost and Control. The insurers hope to 1) rein in the costs of litigation only paying their panel counsel negotiated below market bargain rates, and 2) dictate defense strategies to those cheaper counsel; sometimes they succeed.

It is common for insurers to argue that their beleaguered insureds (who are fighting off underlying lawsuits) must also first prove the disqualifying circumstances to secure the benefits of unconflicted defense. In two recently reported cases, the insurer prevailed where the policyholders did not submit evidence supporting a potential conflict, and the insurers avoided any obligation to pay for independent counsel. In both cases the insured simply failed to produce any evidence of actual potential conflict of interest. A review of these cases is instructive and demonstrate the pitfalls of over-reaching.

The insurer won a summary judgment affirmed on appeal in Centex Homes v. St. Paul Fire and Marine Ins. Co., 2018 Cal. App. LEXIS 45, just filed on January 22, 2018. The Centex court determined that the insured did not “establish a triable issue of material fact” to show the St. Paul appointed panel defense counsel Mr. Lee could influence the outcome of the coverage dispute, so St. Paul did not have to pay for independent counsel. Homeowners brought the underlying suit against Centex and others for damages from construction defects for which Centex may be strictly liable. Centex tendered the suit for a defense, as an additional insured on its contractor’s policy issued by St. Paul. There was active coverage litigation pending between St. Paul and Centex, but panel counsel Lee testified that St. Paul did not control what he did, and did not ask him to settle claims against the named insured (to leave Centex without coverage.) Further Lee did not represent St. Paul in the coverage lawsuit. Centex offered no contrary facts or other evidence tending to show any conflict.

The Centex opinion recites the applicable standards and accepted the evidence offered by St. Paul (Lee deposition testimony), and rejected the Centex argument that a potential conflict may arise without more detail as to what constitutes the actual conflict. The Court was unimpressed with the Centex theoretical argument and its reliance on its legal briefing, and noted the absence of admissible evidence of any potential conflict. The opinion contains an excellent overview of most of the law on these issues and demonstrates the pitfalls of relying on purely theoretical arguments to show potential conflicts.

In Illinois, another opinion confirmed the insured had no right to independent counsel in Bean Products, Inc. v. Scottsdale Ins. Co. filed January 22,2018, as case no 16 CH 7504. Again the policyholder lost a summary judgment motion by not submitting sufficient admissible evidence demonstrating the conflict and it was affirmed on appeal. A competitor brought a trademark and copyright infringement suit against the insured Bean, and Bean’s counsel Gauntlett & Associates (“G&A”) tendered it to Scottsdale for a defense. G&A was attempting to be Bean’s “independent counsel” but Scottsdale agreed to defend under a very limited reservation of rights (only denying coverage for punitive damages), appointed counsel, and contested any conflict. Scottsdale demanded cooperation and that G&A relinquish control of the defense. G&A refused and instead argued for independent counsel rights, refused to provide documents requested (including with regard to settlement discussions with plaintiff and the insured’s evaluation of the merits of the suit.)

Despite the foregoing, Scottsdale’s appointed counsel managed to settle the case very economically for $30,000. Bean then demanded Scottsdale pay G&A’s fees in the amount of just over half–$15,373.75. Bean’s argument was that the appointed counsel was not as expert as G&A and that G&A did more to bring about the settlement. Under Illinois law, the allegations of the complaint determine the duty to defend, which includes the right to control the litigation. The insured failed to show any actual conflict existed, however, that would somehow impair the defense Scottsdale was providing. Scottsdale declined coverage for punitive damages, but that did not create a conflict under Illinois law nor would it under California law.

The Bean opinion cited to cases where the facts presented an actual conflict: 1) the driver of the insured company was aligned with the plaintiff in the accident suit, whereas the insurer would seek to separate the driver from the insured company and 2) a builder was being sued for mold damage—the insured seeks to prove no liability but the insurer would be protected if the mold damage occurred before the policy inception regardless of the insured’s liability.

Bean was unable to submit any such conflict facts. The court ultimately determined the insured voluntarily assumed the G&A bills, and had no right to secure reimbursement from Scottsdale.

Policyholders must pick their fights carefully. Bad facts make for bad law and these most recent cases are great examples of coverage suits that should not have been litigated.

That it took an appellate court to order AIG’s Lexington Insurance to honor its additional insured obligations is a measure of how frequently insurers attempt to dodge this important contractual obligation. The case of McMillin Management Services v. Financial Pacific Insurance, et al., in the Fourth District of the California Court of Appeal, was decided just a few days ago, on November 14, 2017. The Court reversed the trial court, finding that Lexington had to defend McMillin, a general contractor because of the construction defects potentially caused by the operations of the Lexington insureds, two subcontractors.

Lexington argued that since the homeowners’ claims arose after the subcontractors’ work was done, these claims could not have “arisen out of” the subcontractors’ on-going operations and fit into the exclusion for completed operations. However, the additional insured endorsements were not so limited, and provided coverage for liability arising out of such operations as damage may well have occurred during the construction operations.

McMillin had used a number of subcontractors to work on the subject development, two of whom, Martinez and Rozema, purchased insurance with Lexington and included additional insured endorsements. This may be the first published decision specifically construing such “arising out of” language, which commonly appears in such endorsements. Although there was a completed operations exclusion, it was not clear when the alleged damages occurred, therefore there was a potential for a defense.

The appellate court relied on the holding of another decision that held the term “arising out of” in this context is to be broadly construed: “… it broadly links a factual situation with the event creating liability, and connotes only a minimal causal connection or incidental relationship.” Acceptance Ins. Co. v. Syufy Enterprises (1999) 69 Cal.App.4th 321, 328.

Lexington argued that McMillin could not have faced liability for the homeowners claims during its insureds’ operations (as there were no damages then—the project was just being built), but the appellate court noted “arising out of” is simply broader than “during.” This court concluded that: “The term “arising out of” in the endorsements granting McMillin coverage for ” ‘liability arising out of [Martinez’s or Rozema’s] ongoing operations,’ ” provides only that McMillin’s liability must be “linked,” through a “minimal causal connection or incidental relationship”…, with Martinez’s or Rozema’s ongoing operations.” Since it was entirely possible that property damage occurred while the operations were on-going, there was a potential for coverage and a duty to defend. In effect, the duty to defend continues until Lexington can establish with undisputed and conclusive facts that there were no damages until after the subcontractors’ work was completed.

This opinion establishes for developers and their counsel the importance of carefully reviewing additional insured endorsements to ensure the broadest possible protections against claims arising from the work of the subcontractors.

In a recent federal court decision out of Colorado, Travelers failed to convince the Court that it had no duty to defend its insured based on its IP exclusion (barring coverage for patent infringement claims). Travelers’ subsidiary, Charter Oak, attempted to dodge coverage for its insured, Minute Key, Inc., under a liability policy. Minute Key was sued by a competitor, Hillman Group, who claimed that Minute Key falsely accused Hillman of patent infringement, and in doing so sought to steal business from it. There was no patent infringement claim against the insured!

The Charter Oak/Travelers policy provided “Personal and advertising injury” coverage. Advertising injury was defined as “…injury, other than “personal injury,” caused by one or more of the following offenses: (1) oral or written publication … in your “advertisement” that “disparages a person’s or organization’s goods, products or services… .” Likewise “Personal injury” was defined as “… Oral or written publication … that … disparages a person’s or organization’s goods, products or services… .”

The IP Exclusion states that the “insurance does not apply “Personal injury or advertising injury arising out of …Patent…[infringement]”.

The underlying lawsuit began as a declaratory judgment action where Hillman sought a declaration of non-infringement and invalidity under the Patent Act against Minute Key. Then its suit was amended to add a claim of damages for product disparagement under the Lanham Act and state law.

So the coverage issue raised by Travelers was whether Hillman’s disparagement action’s genesis, in patent infringement allegations made by Minute Key against Hillman, brings the action into the exclusion. Ordinarily, insurers (whose policies exclude coverage for patent infringement claims) deny coverage for patent infringement claims made against their insureds!

Thus, Travelers’ counsel took a creative leap on this one! Even in Colorado, which applies the “four corners rule” determining duty to defend just on the allegations in the Complaint as against the Policy, it is evident Travelers had to defend. This is because the duty to defend arises when the underlying complaint alleges any facts that might fall within coverage. The district court readily decided in favor of the policyholder because while Travelers broad reading of its exclusion was “colorable,” it was not conclusive. The coverage grant expressly included the obligation to defend the underlying claims of product disparagement—and coverage grants are to be applied broadly—Colorado law is to construe the duty to defend “liberally with a view toward affording the greatest possible protection to the insured.” (Thompson v. Maryland Cas. Co., 84 P. 3d 496, 502 (Col. 2004)).

The Court found the IP Exclusion ambiguous in the context of the facts of the case (which seems generous), but that ambiguity finding meant the Court was required to rule against Travelers. Travelers’ effort to argue for a broad interpretation of its exclusion also runs counter to California law, which requires exclusions to be interpreted narrowly as they seek to limit coverage grants which are, in contrast, to be interpreted broadly. This does not stop aggressive insurer counsel from continuing to flaunt the rules of interpretation—arguing the very opposite of what the rules of construction allow.

A few weeks back, the Insurance Recovery report posted a blog about the difficulty obtaining insurance coverage for “fake president” fraud, which is also known as business e-mail compromise, or social engineering fraud. Two courts have recently reached opposite holdings on this exact topic, which highlight the difficulty policyholders face when they have been victimized by Fake President Fraud.

The policyholder-favorable of those rulings came out of a New York District Court, where the judge found in favor of coverage for this type of fraud under a crime policy issued by Federal Insurance Company. Medidata Solutions, Inc. v. Federal Ins. Co., Case No. 15-CV-907 (S.D.N.Y. July 21, 2017). Docket No. 32. The case was typical of fake president fraud. In 2014, a fraudster imitating the president of Medidata Solutions, Inc. directed an employee in the accounts payable department to wire money overseas for a company acquisition. The e-mail included the president’s e-mail address and picture, and copied a fake attorney. The employee performed some degree of due diligence, corresponding with the fake attorney by e-mail and phone before wiring the money. However, that employee ultimately wired $4.8 million dollars to a fraudulent account. Fortunately, the company discovered the fraud before a request to wire another $4.8 million was completed. Medidata sought coverage under its Federal Insurance Company crime policy, but Federal denied the claim. Medidata filed suit in February 2015.

The scope of coverage under the policy turned on a computer fraud provision in the crime policy that covered losses that occurred as a result of the “fraudulent entry” or changing of data in the policyholder’s computer system.” The question then arose: was this a fraudulent entry? Some courts had previously determined that fake president fraud does not result in a fraudulent entry or act because the company employee voluntarily makes those changes (although at the direction of a fraudulent actor). Here, though, Judge Andrew Carter Jr. disagreed, holding that the entry was indeed fraudulent because the fraudster used a computer code to alter a series of email messages to make them appear as if they originated from the company’s president. In that regard, Judge Carter followed the decision in Universal American Corp. v. National Union Fire Ins. Co. of Pittsburgh, Pa., which found such entries to be fraudulent because they violated the integrity of the computer system. To Judge Carter, it seemed implausible that one would ever find coverage under the narrow view other courts have taken because it would require the fraudster to break into the computer system and wire the money.

But then yesterday, a Michigan District Court reached the exact opposite ruling in American Tooling Center Inc. v. Travelers Casualty and Surety Co., Case No. 5:16-cv-12108, 2017 U.S. Dist. LEXIS 120473 (E.D. Mich. Aug. 1, 2017). There, the fraudster sent e-mails posing as a vendor of the Michigan-based company, asking to forward payments due under a contract between the parties. The company sent the money, only to discover the money was lost forever. American Tooling Center sought coverage under its Travelers’ crime policy because it constituted computer fraud, but Travelers denied the claim, arguing that there was not a “direct loss” that was “directly caused by” the use of a computer.

The relevant policy definition defined computer fraud as the use of “any computer” to “fraudulently cause” a “direct loss” by money transfer. American Tooling and Travelers obviously disagreed about those terms, but the Judge found in favor of Travelers because the term “direct loss” was synonymous with the term immediate, and there were steps in between the fraudulent e-mails and the wiring of money. In short, the Michigan court would require the exact thing – a fraudster hacking into the computer and sending the money directly – that the New York court found implausible.

What are the major takeaways from these rulings? First, it is always critical to carefully review the language in insurance policies. The American Tooling Center court distinguished the ruling in Medidata by contrasting the policy language because the Medidata policy did not include the term “direct loss” in its definition of fraud. To many people, that would be a minor distinction. But to the Michigan court it meant the difference between there being coverage or not. We believe that the Medidata court had the proper holding, that the Michigan court should have followed suit, and that Judge Carter’s belief that a computer fraud coverage requirement that a fraudster perform a transfer for there to be coverage is too draconian. And because rulings on this subject have come down all over the place, policyholders that frequently conduct transfers via computer should consider contacting insurance professionals, be it an attorney to interpret the policy, or a broker to determine whether there might be a policy endorsement available specifically aimed at this type of event.

California Insurance Code §678 provides as to personal lines policies (such as homeowners, auto or personal liability): “(a) At least 45 days prior to policy expiration, an insurer shall deliver to the named insured…(1) an offer of renewal of the policy contingent upon payment of premium…stating…(A) Any reduction of limits or elimination of coverage…”

Insurance Code §675.5 makes the same law applicable to commercial policies issued for delivery to California insureds. Insurance Code §676.2(c)(1) provides as to policies of commercial insurance that upon renewal no reductions or changes in the conditions of coverage shall be effective unless a written notice is mailed at least 30 days before the effective date of the change, and such changes can only be made where there are specific reasons for the change (such as willful or grossly negligent acts by the insured or failure to institute loss control measures, or change in use materially adding to the risk). These Insurance Code provisions protect insureds from surprise exclusions which materially reduce the coverage being renewed.

It is very common to find California Changes Endorsements on policies issued in California to reflect these legal requirements. They are usually entitled: “California Changes—Cancellation and Nonrenewal” followed by a promise to adhere to these time limits of Notice and other provisions of the Insurance Code regarding renewal or cancellation of the policy.

What if at renewal time, the insurer simply sends a general “Notice of Policy Conditional Renewal” which is a boiler plate Notice reserving the right to make any kind of change in terms, premium or deductibles? Is that sufficient Notice to allow major reductions in coverage to be enforceable? We thinknot.

The case law makes these contractual obligations to notify explicit. The California Supreme Court has held that “no change may be made in the terms of the renewal policy without notice to the insured.” (Industrial Indemnity Co. v. Industrial Accident Commission of California (1949) 34 Cal. 2d 500, 506.) California law requires that when an insurance company changes, reduces, or limits the coverage or benefits of a policy upon renewal, the notice of such change must “be provided in a ‘plain, clear and conspicuous writing.’” (Everett v. State Farm General Ins. Co. (2008) 162 Cal. App. 4th 649, 663.) To be conspicuous, the notice must be “displayed or presented” in a way that it would be “noticed” by a reasonable person. (Broberg v. Guardian Life Ins. Co. of Am. (2009) 171 Cal. App. 4th 912, 922-23.) Examples of conspicuous notice “includes . . . a heading in capitals . . . larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size . . ..” (Id. at 923.) Moreover, the notice of reduction in coverage must be “specific.” (Davis v. United Services Auto Ass’n (1990) 223 Cal. App. 3d 1322, 1332.) Thus, “a general admonition to read the policy for changes is insufficient.” (Id.) The failure to provide “adequate notice” renders the attempted reduction or limitation in coverage “ineffective.” (Id. at 1333.)

A major reduction in coverage in the Renewal terms should be disclosed to the insured so that the insured has an opportunity to make an informed decision to renew with the same insurer or seek coverage elsewhere. Certainly an insured must have a reasonable notice of the renewal terms, if the insurer plans a major reduction in coverage. The failure of the insurer and/or the broker to disclose major reductions in coverage in the renewal terms, has serious consequences including making that surprise and deadly exclusion unenforceable. So buyer beware and be forewarned! If you find your renewal policy has surprise holes in the coverage, you might consult coverage counsel as the insurance law may afford some remedies.

In the last few weeks, we have seen yet another widespread ransomware attack that hit nearly one hundred companies around the world. It reminded me of a recent request from a client, made just after news broke of the WannaCry ransomware attacks, to review its insurance portfolio to confirm that it was covered for ransomware attack. The client had that coverage, but I noticed that there was a gaping hole in the policy for another type of common attack that goes by a variety of names – business e-mail compromise, social engineering fraud, and fake president fraud. What is critical for companies to understand, and few do, is that they must purchase a specific endorsement to obtain this kind of coverage.

These types of attacks are as much identity fraud as they are a cyberattack. In these kinds of cases, an impostor will pose as a high ranking executive at a company, and command a lower level employee via email to wire money to a client or vendor account. The employee, so diligently trained to follow orders, will then complete the transaction, unwittingly transferring company funds into a fake account. After all, what employee would question the company’s CEO, CFO, President, or other superior?

This crime poses significant challenges from a coverage perspective. The act does not fit cleanly within the typical first party coverages included in cyber policies – it isn’t a data breach, in which information is stolen or compromised and needs to be repaired, and it isn’t a ransomware attack, in which a company has its business shut down. These types of attacks also aren’t covered by modern crime policies because the action taken – the wiring of money by an employee – is voluntary. There is no extortion, and no money is stolen.

Courts recently confronted with these situations have routinely denied coverage. One example can be seen in Aqua Star (USA) Corp. v. Travelers Cas. & Sur. Co. of Am., No. C14-1368RSL, 2016 U.S. Dist. LEXIS 88985 (W.D. Wash. July 8, 2016). There, a hacker impersonating a vendor of the policyholder directed an employee to change the bank account for future payments to that vendor. The employee dutifully did so, and the policyholder lost over $700,000 when money was wired to the fraudster’s account. The crime policy covered computer fraud, but contained an exclusion for “loss resulting directly or indirectly from the input of Electronic Data by a natural person having the authority to enter the Insured’s Computer System.” Travelers denied coverage because the employee had authorization to input the new bank information to the account, and the District Court agreed, finding that the loss – the transfer of money to the new account – indirectly resulted from the inputting of the new bank information.

In Taylor & Lieberman v. Fed. Ins. Co., 2017 U.S. App. LEXIS 4205 (9th Cir. Mar. 9, 2017), the Ninth Circuit was faced with a similar situation. There, an accounting firm handled payments and transfers for its clients. An impostor took control of a client’s e-mail account and sent multiple wire payment instructions to the accounting firm. The employee wired the money, and did not discover the fraud until the third request to wire money. The accounting firm sought coverage under its crime policy, which provided coverage for “direct loss sustained by an Insured.” The Court denied coverage because it determined the accounting firm was seeking recovery for third party losses – those of its clients – and not its own. That the company might have to indemnify that client for the fraudulent payments was immaterial.

Fortunately, not all cases end with an insurer victory. But the uncertainty of these results begs the question: how do you insure for these attacks? The answer is a policy endorsement targeted at these types of attacks. It is usually added to a company’s crime policy, and will include language such as “the Company will reimburse the Insured for Loss sustained by the Insured Person as a direct or indirect result of Business E-mail Compromise.” The Policy will then define Business E-mail Compromise, and within that definition it should include reference to coverage for voluntary actions of the insured (who is wiring money under false pretenses). The policy limits for these endorsements tend to be lower than the policy it is attached to, but any coverage an insured can obtain for this kind of fraud is better than none.

There are a few important takeaways on this issue. First, check your insurance policies for language that may suggest coverage in this area, and read the language closely. You will want to make sure your company is covered when money is sent by employees as a result of fraud. If you do not see such language, ask your broker to get you options to add this endorsement to one of your policies. Second, confirm that the policy endorsement you obtain is broad enough to subsume the acts you are seeking to cover. The worst case scenario would be purchasing an endorsement that fails to cover the fraudulent actions for which you are hoping to obtain insurance. Finally, train your employees for these types of situations. A simple 30 minute training on how to identify tells that reveal these schemes may help your company avoid hundreds of thousands of dollars in losses by avoiding this situation altogether.

About Nossaman LLP

Nossaman is an innovative law firm working on cutting-edge issues across seven U.S. offices. Named to Law360’s inaugural list of “California Powerhouses” and three times to the National Law Journal’s “Midsize Hot List,” our expertise is focused in distinct areas of law and policy, as well as in specific industries. With a strong foundation in California, we have built nationally recognized practices in infrastructure, litigation, healthcare, environment and real estate, public policy, and corporate law. Visit nossaman.com.